DocumentCode
3296012
Title
A simple framework for distributed forensics
Author
Tang, Yongping ; Daniels, Thomas E.
Author_Institution
Dept. of Electr. Eng. & Comput. Eng., Iowa State Univ., Ames, IA, USA
fYear
2005
fDate
6-10 June 2005
Firstpage
163
Lastpage
169
Abstract
Networks have become omnipresent in today's world and part of the basic infrastructure. The safety problem is important and urgent for all the network users. But the current situation in this field is very severe - not only is it difficult to block network criminals but also in many cases unable to find them out. There is a growing need for systems that allow not only the detection of complex attacks, but after the fact understanding of what happened. This could be used in a forensic sense or simply as a managerial tool to recover and repair damaged systems. There are few network systems that support forensic evidence collection and the current systems also lack effective attack attribution. In this paper, we will provide a network forensics framework based on the distributed techniques thereby providing an integrated platform for automatic forensic evidence collection and efficient data storage, supporting easy integration of known attribution methods, effective cooperation and an attack attribution graph generation mechanism to illustrate hacking procedures.
Keywords
computer crime; computer networks; multi-agent systems; telecommunication security; automatic forensic evidence collection; data storage; distributed forensics system; graph generation mechanism; network criminals; repair damaged system; Complex networks; Computer crime; Costs; Digital signatures; Finance; Forensics; Internet; Memory; Protection; Safety; Agent; Attack Attribution Graph; Distributed Forensics System; Proxy;
fLanguage
English
Publisher
ieee
Conference_Titel
Distributed Computing Systems Workshops, 2005. 25th IEEE International Conference on
Print_ISBN
0-7695-2328-5
Type
conf
DOI
10.1109/ICDCSW.2005.24
Filename
1437171